From 2871ba3e6cf5f2421c17b10380c6b1756ef4d57b Mon Sep 17 00:00:00 2001
From: dmiller
Date: Wed, 5 Nov 2014 05:55:52 +0000
Subject: [PATCH] New function, sslcert.parse_ssl_certificate

For reasons, the function is exported from nse_ssl_cert.cc into nmap.socket, then included and documented in sslcert.lua because it fits better there.
---
 nse_nsock.cc | 1 +
 nse_ssl_cert.cc | 33 ++++++++++++++++++++++++++++++---
 nse_ssl_cert.h | 1 +
 nselib/sslcert.lua | 8 ++++++++
 4 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/nse_nsock.cc b/nse_nsock.cc
index 181666f6c..9cda82d9a 100644
--- a/nse_nsock.cc
+++ b/nse_nsock.cc
@@ -1048,6 +1048,7 @@ LUALIB_API int luaopen_nsock (lua_State *L)
 {"loop", l_loop},
 {"new", l_new},
 {"sleep", l_sleep},
+ {"parse_ssl_certificate", l_parse_ssl_certificate},
 {NULL, NULL}
 };
diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc
index 58870b20d..c825701bb 100644
--- a/nse_ssl_cert.cc
+++ b/nse_ssl_cert.cc
@@ -426,13 +426,32 @@ static const char *pkey_type_to_string(int type)
 }
 }
+static int parse_ssl_cert(lua_State *L, X509 *cert);
+
+int l_parse_ssl_certificate(lua_State *L)
+{
+ X509 *cert;
+ size_t l;
+ const char *der;
+
+ der = luaL_checklstring(L, 1, &l);
+ if (der == NULL) {
+ lua_pushnil(L);
+ return 1;
+ }
+
+ cert = d2i_X509(NULL, (const unsigned char **) &der, l);
+ if (cert == NULL) {
+ lua_pushnil(L);
+ return 1;
+ }
+ return parse_ssl_cert(L, cert);
+}
+
 int l_get_ssl_certificate(lua_State *L)
 {
 SSL *ssl;
- struct cert_userdata *udata;
 X509 *cert;
- X509_NAME *subject, *issuer;
- EVP_PKEY *pubkey;
 ssl = nse_nsock_get_ssl(L);
 cert = SSL_get_peer_certificate(ssl);
@@ -440,6 +459,14 @@ int l_get_ssl_certificate(lua_State *L)
 lua_pushnil(L);
 return 1;
 }
+ return parse_ssl_cert(L, cert);
+}
+
+static int parse_ssl_cert(lua_State *L, X509 *cert)
+{
+ struct cert_userdata *udata;
+ X509_NAME *subject, *issuer;
+ EVP_PKEY *pubkey;
 udata = (struct cert_userdata *) lua_newuserdata(L, sizeof(*udata));
 udata->cert = cert;
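Review bot: The new `{"parse_ssl_certificate", l_parse_ssl_certificate}` table entry is unconditional, while the function it names is implemented in nse_ssl_cert.cc on top of OpenSSL's `d2i_X509`. If nse_nsock.cc is also compiled in configurations without OpenSSL (the hunk does not show how the file guards its other SSL-only code), this reference would have no definition to link against, so the entry should sit under the same preprocessor guard as those. luaopen_nsock starts and ends outside the hunk.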
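Review bot: In `l_parse_ssl_certificate`, the `cert == NULL` branch returns nil but leaves the errors that `d2i_X509` queued on OpenSSL's per-thread error queue. Because scripts hand this function arbitrary DER strings, a malformed certificate can leave stale entries that later SSL calls on the same thread may misreport, so the branch should call `ERR_clear_error()` first. The `der == NULL` check is dead code, since `luaL_checklstring` raises a Lua error rather than returning NULL, and a pointer of the right type avoids the `(const unsigned char **) &der` cast. Bytes following the certificate are also accepted silently; whether trailing data should be rejected is worth deciding and stating in a comment.

```cpp
int l_parse_ssl_certificate(lua_State *L)
{
  // … unchanged: cert and l declarations …
  const unsigned char *der;

  /* luaL_checklstring raises a Lua error on a non-string argument; it never
   * returns NULL, so no nil path is needed here. */
  der = (const unsigned char *) luaL_checklstring(L, 1, &l);

  cert = d2i_X509(NULL, &der, l);
  if (cert == NULL) {
    /* Malformed input: do not leave parse errors queued for later SSL calls. */
    ERR_clear_error();
    lua_pushnil(L);
    return 1;
  }
  // … unchanged: return parse_ssl_cert(L, cert) …
}
```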
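Review bot: `parse_ssl_cert` appears to take ownership of `cert` (it stores the pointer with `udata->cert = cert`), but nothing above the definition says so, and it now has two callers passing certificates from different sources. A comment would record the contract, e.g. `/* Takes ownership of cert: it is kept in the returned userdata and must not be freed by the caller. */`. Also note that `lua_newuserdata` can raise on allocation failure before the pointer is stored, in which case the certificate would have no owner left to free it. Where the stored certificate is released is not visible, because the function body continues past the end of the hunk.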
diff --git a/nse_ssl_cert.h b/nse_ssl_cert.h
index 3abc7d043..b096fb3ce 100644
--- a/nse_ssl_cert.h
+++ b/nse_ssl_cert.h
@@ -123,5 +123,6 @@
 /* $Id:$ */
 int l_get_ssl_certificate(lua_State *L);
+int l_parse_ssl_certificate(lua_State *L);
 void nse_nsock_init_ssl_cert(lua_State *L);
diff --git a/nselib/sslcert.lua b/nselib/sslcert.lua
index bed258404..f7291ff92 100644
--- a/nselib/sslcert.lua
+++ b/nselib/sslcert.lua
@@ -29,6 +29,14 @@ local string = require "string"
 local xmpp = require "xmpp"
 _ENV = stdnse.module("sslcert", stdnse.seeall)
+--- Parse an X.509 certificate from DER-encoded string
+--@name parse_ssl_certificate
+--@class function
+--@param der DER-encoded certificate
+--@return table containing decoded certificate
+--@see nmap.get_ssl_certificate
+_ENV.parse_ssl_certificate = nmap.socket.parse_ssl_certificate
+
 StartTLS = {
 -- TODO: Implement STARTTLS for NNTP
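Review bot: The `--@return` line promises a table, but the C function bound here pushes nil when `d2i_X509` rejects the input. Scripts that parse certificates taken from the network need to know to check for that, so the line should read `--@return table containing decoded certificate, or nil if the string cannot be parsed as a DER-encoded X.509 certificate`. A non-string argument raises a Lua error through `luaL_checklstring` instead of returning nil, which the `--@param der` line could state as well.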